Cloud Native Privacy Engineering through DevPrivOps

Abstract

Cloud native information systems engineering enables scalable and resilient service infrastructures for all major online offerings. These are built following agile development practices. At the same time, a growing demand for privacy-friendly services is articulated by societal norms and policy through effective legislative frameworks. In this paper, we identify the conceptual dimensions of cloud native privacy engineering and propose an integrative approach to be addressed in practice to overcome the shortcomings of existing privacy enhancing technologies. Furthermore, we propose a reference software development lifecycle called DevPrivOps to enhance established agile development methods with respect to privacy. Altogether, we show that cloud native privacy engineering advances the state of the art of privacy by design and by default using latest technologies.